Krop Spam — permanently stop spam in your blog comments

I was tired of comment spam on my blogs (I also use WordPress as a CMS engine, so comment spam is even more of a pain in the ass), so I created a method to stop it. My method has proved to be very efficient and doesn’t need any human interaction (while plugins such as Akismet require the blog owner to periodically look through the spam folder to check for false positives). I have decided to wrap it up in a plugin.

How does it work?

Well, I’ve noticed that spambots usually attack wp-comments-post.php, the WordPress comment processing script, directly. Some spammers (but this is really rare) also parse the web page, and when they find a <form> there, they just blindly fill it in and submit it.

If you look into the source code of any WordPress template, you’ll find a <textarea name="comment"> somewhere inside. This is the text field for the comment content that the user enters. Spammers just fill it in with garbage.

What my plugin does is change the name of this <textarea> to something meaningless to spammers (by default it’s "komentarzyk", which means "a little comment" in Polish 😉). This way, whenever a spammer attacks your wp-comments-post.php directly, he doesn’t fill in the now-required "komentarzyk" field and the comment is not added. Moreover, my plugin leaves the <textarea name="comment"> in the source code, but makes it small (1 row and 1 column only) and tries to hide it through CSS (display: none), so a human user will probably not fill that field in. Spammers don’t bother to check the textarea’s size, nor do they understand CSS, so even when they parse your web page, they fill in not only the required "komentarzyk" field but also the "comment" field (because they fill in just everything they find). This way they let your blog know they are bad people: if the "comment" field is filled in, a machine rather than a human probably filled in your comment form. So we refuse to add the comment.
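The mechanism described above, as an added example that is not the Krop Spam plugin's own code: it rewrites a theme's comment form and then classifies submissions the way the text describes. The function names, the regular expression and the sample inputs are assumptions made for illustration.

```php
<?php
// Added illustration, not the Krop Spam plugin's source; all names here are hypothetical.
const REAL_FIELD  = 'komentarzyk'; // renamed field that humans type into (the page's default)
const DECOY_FIELD = 'comment';     // original name, kept as a hidden trap

// Rename the theme's comment textarea and append a hidden 1x1 decoy under the old name.
function krop_rewrite_form(string $html): string
{
    $decoy = '<textarea name="' . DECOY_FIELD . '" rows="1" cols="1" style="display: none"></textarea>';
    return preg_replace_callback(
        '/<textarea\b[^>]*\bname=(["\'])comment\1[^>]*>.*?<\/textarea>/is',
        function (array $m) use ($decoy): string {
            $real = preg_replace('/\bname=(["\'])comment\1/i', 'name="' . REAL_FIELD . '"', $m[0], 1);
            return $real . $decoy;
        },
        $html,
        1 // only the first matching textarea
    );
}

// Classify one submission; returns [accepted, reason].
function krop_check_submission(array $post): array
{
    $decoy = $post[DECOY_FIELD] ?? '';
    $real  = $post[REAL_FIELD] ?? '';
    if (!is_string($decoy) || !is_string($real)) {
        return [false, 'malformed field']; // e.g. comment[]=x arrives as an array
    }
    if (trim($decoy) !== '') {
        return [false, 'decoy field filled in'];
    }
    if (trim($real) === '') {
        return [false, 'renamed field missing or empty'];
    }
    return [true, 'ok'];
}

// Constructed sample inputs.
$form = '<form action="wp-comments-post.php" method="post"><textarea name="comment" rows="10" cols="50"></textarea></form>';
echo krop_rewrite_form($form), "\n";
$samples = [
    'direct POST to wp-comments-post.php' => ['author' => 'x', 'comment' => 'cheap pills'],
    'bot that fills every field'          => ['comment' => 'cheap pills', 'komentarzyk' => 'cheap pills'],
    'human visitor'                       => ['komentarzyk' => 'Nice post!'],
];
foreach ($samples as $label => $post) {
    [$ok, $reason] = krop_check_submission($post);
    printf("%-38s %s (%s)\n", $label, $ok ? 'accepted' : 'rejected', $reason);
}
```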

So, how to install the plugin?

1. Download the Krop Spam plugin and unzip it into your WordPress wp-content/plugins directory.
2. Enable the plugin in WordPress admin.
3. Open up wp-comments-post.php in your favorite text editor and find the line that says:

$comment_content = trim($_POST['comment']);  

4. Replace this line with the following fragment:

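// Honeypot: the hidden "comment" field must stay empty; only bots fill it in.
if (isset($_POST['comment']) && trim($_POST['comment']) != '') wp_die( __('Sorry, small comments field should be left empty - it\'s a spam trap.'));
// The real comment text now arrives in the renamed field.
$comment_content = isset($_POST['komentarzyk']) ? trim($_POST['komentarzyk']) : '';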

5. You’re done 🙂

I have tested the plugin with a few WordPress themes found on the internet and it works correctly. The plugin’s only requirement is that it needs access to a temporary directory (usually /tmp) on the server. This is almost always possible. If not, talk to your provider.

How efficient is it?

I have been using this method on my Karkonosze page for a few months now and it has decreased the amount of spam I receive from 20–30 a week to 1 in 3 months. There’s no guarantee it will work for you, though 😉